Receiving a private key from server admin: ok or not

authentication, private-key, ssh-keys

I am to get access to a remote SFTP server. The admin has created a user for me, and generated a public/private key pair for me. Then he securely sent me the private key file, which I use for authentication. I believe this is not good; I should be the one to generate the key pair and give the public key to him. But I'm not able to think of any good reason why this is bad if I use this key only to log into that server and no other servers. Are there any such reasons?

Best Answer

It is exactly as you say: The whole concept of public key authentication is that the private key should only be known to the owner, while the corresponding public key can be widely disseminated. The security of your authentication depends on the security of the private key, not on the security of the public key.

The fact that somebody else provides you with a private key automatically makes it compromised. (You don't know if that other admin still has a copy which can be used to impersonate you.)
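
The workflow the answer points to, as an added example that is not part of the original question or answer: the key pair is generated on the client, only the `.pub` file is handed over, and the last function shows why a retained copy of the private key file is equivalent to the original. It assumes OpenSSH's `ssh-keygen` is installed; the directory names and key comment are hypothetical.

```bash
#!/bin/sh
# Added example (not from the original page). Paths and the key comment are hypothetical.

# Generate an Ed25519 key pair on the client, in directory $1.
# Prints the path of the public key, the only file that should be sent to the admin.
make_keypair() (
    dir=$1; comment=${2:-sftp-user@client}
    umask 077                      # new files readable by the owner only
    mkdir -p "$dir" || exit 1
    # -N '' keeps the example non-interactive; set a real passphrase in practice.
    ssh-keygen -q -t ed25519 -N '' -C "$comment" -f "$dir/id_ed25519" || exit 1
    printf '%s\n' "$dir/id_ed25519.pub"
)

# SHA256 fingerprint of a public key file, to confirm with the admin over a second channel.
key_fingerprint() {
    ssh-keygen -l -f "$1" | awk '{print $2}'
}

# Succeeds if the private key file $1 corresponds to an entry in the authorized_keys
# file $2 (assumed to have no per-key options). Any holder of such a file can log in.
private_matches_authorized() (
    want=$(ssh-keygen -y -f "$1" 2>/dev/null | awk '{print $1, $2}')
    [ -n "$want" ] || exit 2
    awk '{print $1, $2}' "$2" | grep -qxF "$want"
)

demo() (
    tmp=$(mktemp -d) || exit 1
    pub=$(make_keypair "$tmp/client") || exit 1
    cp "$pub" "$tmp/authorized_keys"                  # what the admin installs
    cp -p "$tmp/client/id_ed25519" "$tmp/retained"    # a copy kept by whoever generated it
    echo "fingerprint to confirm: $(key_fingerprint "$pub")"
    private_matches_authorized "$tmp/retained" "$tmp/authorized_keys" &&
        echo "retained copy authenticates as the same user"
    rm -rf "$tmp"
)

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run with `--demo` to see the fingerprint and the match on a throwaway key in a temporary directory.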